Misleading output from /usr/local/etc/periodic/daily/pkgaudit_check

pkgaudit_check is wrongly saying there are new versions for py39-joblib and py39-OWSLib, and displays the 'new' version number multiple times.
Code:
Updating FreeBSD repository catalogue...
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
FreeBSD repository update completed. 33918 packages processed.
All repositories are up to date.
virtualbox-ose-6.1.44_1 - new version 6.1.46 available
py39-joblib-1.1.0 - new version 1.1.0 1.1.0 available
py39-OWSLib-0.28.0 - new version 0.28.0 0.28.0 0.28.0 available
ungoogled-chromium-114.0.5735.198 - new version 115.0.5790.98 115.0.5790.98 available
The relevant section of pkgaudit_check is:
Code:
for package in $(pkg audit -q)
do
    rc=1
    name=$(pkg query %n $package)
    repo_version=$(pkg rquery %v $name)
    if [ "$repo_version" != "" ]; then
        this_version=$(pkg query %v $package)
        if [ "$this_version" != "$repo_version" ]; then
            echo $package - new version $repo_version available
        fi
    fi
done
And pkg rquery is returning multiple values for some packages:
Code:
curlew:/usr/local/etc/periodic/daily% pkg rquery %v py39-joblib
1.1.0
1.1.0
curlew:/usr/local/etc/periodic/daily% pkg rquery %v py39-OWSLib
0.28.0
0.28.0
0.28.0
I made a change to the script to only use the first value returned by pkg-rquery(8)
Code:
repo_version=$(pkg rquery %v $name | head -1)
This appears to fix the problem.
Code:
curlew:/tmp% sh pkgaudit_check 

Checking availability of upgrades for vulnerable packages

virtualbox-ose-6.1.44_1 - new version 6.1.46 available
ungoogled-chromium-114.0.5735.198 - new version 115.0.5790.98 available
But is this a bug with pkg-rquery() or with pkgaudit_check?
 
If you do pkg search py39-joblib, are there multiples returned, indicating "flavors"? That could lead to the multiple versions returned.
 
if you do pkg search py39-joblib are there multiples returned
I only see one? On quarterly.
Code:
root@fbsd-test:~ # pkg search py39-joblib
py39-joblib-1.1.0              Lightweight pipelining using Python functions as jobs
root@fbsd-test:~ #
And one version returned:
Code:
root@fbsd-test:~ # pkg rquery '%v' py39-joblib
1.1.0
root@fbsd-test:~ # pkg rquery %v py39-OWSLib
0.28.0
root@fbsd-test:~ #
After switching to latest, still only one version being returned:
Code:
root@fbsd-test:~ # pkg rquery %v py39-OWSLib
pkg: Repository FreeBSD has a wrong packagesite, need to re-create database
0.28.0
 
After enabling both quarterly and latest I get two results, one for each enabled repository.

Code:
root@fbsd-test:~ # pkg rquery %v py39-OWSLib
0.28.0
0.28.0

So my conclusion is that you have more than one repository enabled. And pkgaudit_check messes up, or more precisely, it never accounts for receiving more than one result. It should pick the highest version and compare it with the installed version. But this whole version check is extremely crude, it merely checks if the strings are different. Which doesn't necessarily mean it's a newer version, it's only different compared to what's installed.
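
The following is an added example, not code from this thread or from pkgaudit_check: one way to tolerate several rows from pkg rquery and to compare versions by order rather than by string inequality. The function names are hypothetical, the sample rows are constructed, and the `sort -V` fallback is only an approximation used where pkg(8) is absent.

```sh
#!/bin/sh
# Added example; not part of pkgaudit_check. Function names are hypothetical.

# vcmp A B: print "<", "=" or ">" for version A relative to version B.
vcmp() {
    if command -v pkg >/dev/null 2>&1; then
        pkg version -t "$1" "$2"          # pkg's own version comparison
    elif [ "$1" = "$2" ]; then
        echo "="
    # Assumption: without pkg(8), sort -V only approximates pkg's ordering.
    elif [ "$(printf '%s\n%s\n' "$1" "$2" | LC_ALL=C sort -V | head -n 1)" = "$1" ]; then
        echo "<"
    else
        echo ">"
    fi
}

# highest_version: read versions (one per line) on stdin, print the highest.
# Duplicate rows, as seen in the rquery output above, collapse naturally.
highest_version() {
    best=""
    while IFS= read -r v; do
        [ -n "$v" ] || continue
        if [ -z "$best" ] || [ "$(vcmp "$v" "$best")" = ">" ]; then
            best=$v
        fi
    done
    printf '%s\n' "$best"
}

# upgrade_notice PACKAGE INSTALLED_VERSION, repository versions on stdin.
# Reports only when the repository really offers something newer.
upgrade_notice() {
    package=$1 installed=$2
    newest=$(highest_version)
    [ -n "$newest" ] || return 0
    if [ "$(vcmp "$installed" "$newest")" = "<" ]; then
        printf '%s - new version %s available\n' "$package" "$newest"
    fi
}

# Constructed sample rows standing in for `pkg rquery %v NAME` output.
printf '0.28.0\n0.28.0\n0.28.0\n' | upgrade_notice py39-OWSLib-0.28.0 0.28.0
printf '6.1.46\n6.1.46\n' | upgrade_notice virtualbox-ose-6.1.44_1 6.1.44_1
```

In the script's loop the call would be `pkg rquery %v "$name" | upgrade_notice "$package" "$(pkg query %v "$package")"`.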
 
I only see one? On quarterly.
I'm on latest. I wonder if we are using different versions of pkg?
Code:
curlew:/root# pkg rquery '%v' py39-joblib
1.1.0
1.1.0
curlew:/root# pkg version -vR | grep pkg
pkg-1.20.4                         =   up-to-date with remote
pkgconf-1.8.1,1                    =   up-to-date with remote
 
After enabling both quarterly and latest I get two results, one for each enabled repository.

Code:
root@fbsd-test:~ # pkg rquery %v py39-OWSLib
0.28.0
0.28.0

So my conclusion is that you have more than one repository enabled. And pkgaudit_check messes up, or more precisely, it never accounts for receiving more than one result. It should pick the highest version and compare it with the installed version. But this whole version check is extremely crude, it merely checks if the strings are different. Which doesn't necessarily mean it's a newer version, it's only different compared to what's installed.
I get three results
Code:
curlew:/root# pkg rquery %v py39-OWSLib
0.28.0
0.28.0
0.28.0
I'm not aware of having multiple repositories enabled.
Code:
curlew:/root# cat /etc/pkg/FreeBSD.conf
# $FreeBSD$
#
# To disable this repository, instead of modifying or removing this file,
# create a /usr/local/etc/pkg/repos/FreeBSD.conf file:
#
#   mkdir -p /usr/local/etc/pkg/repos
#   echo "FreeBSD: { enabled: no }" > /usr/local/etc/pkg/repos/FreeBSD.conf
#

FreeBSD: {
url: "pkg+http://pkg.FreeBSD.org/${ABI}/quarterly",
mirror_type: "srv",
signature_type: "fingerprints",
fingerprints: "/usr/share/keys/pkg",
enabled: yes
}

curlew:/root# cat /usr/local/etc/pkg/repos/FreeBSD.conf
FreeBSD: {
url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest",
}
 
I wonder if we are using different versions of pkg?
That seems to be it. After upgrading pkg(8) to 1.20.4:
Code:
Installed packages to be UPGRADED:
        pkg: 1.19.2 -> 1.20.4 [FreeBSD]
I too get three results, with only one repository enabled?

Code:
root@fbsd-test:~ # pkg rquery %v py39-OWSLib
0.28.0
0.28.0
0.28.0
The other one returns two:
Code:
root@fbsd-test:~ # pkg rquery '%v' py39-joblib
1.1.0
1.1.0
Weird.
 